How much threat do you need?

A few weeks ago I mentioned that if you've been assuming that you will not suffer a security breach, you're most likely wrong. Since then, though, a new survey has been released that shows that small and medium businesses don't tend to take cyberthreats seriously.

It sort of makes sense; the breaches that everyone hears about are the big ones. The perception is that smaller business don't have anything that anyone would want, comparatively speaking, so they're left alone.

If you run a small or medium sized business yourself you should know that's not true. If you are profitable, you have something that “they” would want, for several different values of “they”: customers, clients, and competitors. And if those entities want what you have, they might be willing to pay someone to steal it for them, or to put you (even temporarily) out of business, or at least, out of heavy competition.

As a security professional, I've seen myself how security software vendors consider past employees of their competitors a valuable resource. While nobody wants to face a lawsuit due to using someone else's code, the inside scoop on how software acts or where data is kept can be invaluable. It's not too much of a leap of logic to imagine someone paying for your data or trade secrets to get some competitive edge or put you out of business.

And it doesn't even have to be that complex. Hackers might not care about your data or secrets; they might just want the money in your bank account. Sure, it's not as much as they could get from the “big guys”, but hackers see smaller business' relative lack of security as low hanging fruit which they can much more quickly and easily exploit. Doing that over and over again can prove to be much more cost-effective, to the hackers, than all the work that goes into one large theft.

So the question you have to ask yourself, as a business owner, is how much threat do you need to feel? The odds are against every business, large or small, over time, in terms of facing a data breach. You're busy, with a business to run; hackers have nothing else to do, day in and day out, but pick their targets and then pick their weapons.

Every year, the number of small and medium businesses being breached goes up. Before you become a statistic, make information security a priority in your enterprise.

Mary Ursula Herrmann

Mary Ursula Herrmann is a Network Security Analyst living in Juneau, AK. She has worked in Information Security for over 15 years, and obtained her CISSP in 2005.